Wednesday, August 20, 2003

Spotting an infected machine...

I too was buried by email related to this virus. After examining the full headers, I suspect I know whose PC was infected, but I wondered why network admins don't have an easy way to spot a PC that's spewing forth hundreds of bogus emails. I envision some sort of visual network map that would have an icon or something to represent each PC on the network, and there'd be some sort of colour code when one of them is particularly hot. This map would be zoomable, and when you got closer to the infected PC it could show the spew similarly to those videos of coral reefs spewing forth eggs or whatever it is they spew. So once identified, the admins at least know whose PC to shut down and disinfect. Damn, it was annoying to get that much spam!

"Initial analysis would suggest that Sobig.F is a mass-e-mailing virus that is spreading very vigorously. Sobig.F appears to be polymorphic in nature. The address is also spoofed and may not indicate the true identity of the sender," a MessageLabs statement said. The sender appears to be someone from a recognized domain name, such as ibm.com, zdnet.com or microsoft.com. The subject line typically says "Re: Details," "Resume" or "Thank you."
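An added example, not part of the original post: because the sender address is spoofed, the PC doing the mailing has to be found from network data rather than from names in the messages. This sketch counts outbound port-25 connections per internal host in a sliding window over a constructed flow log; the log format, IP addresses, allowed mail server list and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAIL_SERVERS = {"10.0.0.5"}      # hosts expected to send SMTP outbound (assumed)
WINDOW = timedelta(minutes=5)    # sliding window size (assumed)
THRESHOLD = 100                  # port-25 connections per window (assumed)

def build_sample():
    """Constructed flow log, one 'ISO-time src_ip dst_ip dst_port' per line."""
    base = datetime(2003, 8, 20, 9, 0, 0)
    lines = []
    for i in range(300):   # desktop mailing directly to many remote hosts
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.1.23 198.51.100.{i % 200 + 1} 25")
    for i in range(150):   # the legitimate mail server
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.0.0.5 203.0.113.{i % 50 + 1} 25")
    for i in range(40):    # ordinary desktop: mostly web, two SMTP connections
        t = base + timedelta(seconds=7 * i)
        lines.append(f"{t.isoformat()} 10.0.1.40 192.0.2.10 {25 if i < 2 else 80}")
    return lines

def find_smtp_spewers(lines, threshold=THRESHOLD, window=WINDOW,
                      allowed=MAIL_SERVERS):
    """Return {src_ip: (peak SMTP connections in any window, distinct dests)}."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port = line.split()
        if port == "25" and src not in allowed:
            events[src].append((datetime.fromisoformat(ts), dst))
    hot = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Advance the left edge until the span fits inside the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hot[src] = (peak, len({d for _, d in evs}))
    return hot

if __name__ == "__main__":
    for src, (peak, dests) in find_smtp_spewers(build_sample()).items():
        print(f"{src}: {peak} SMTP connections in 5 min to {dests} hosts")
```

The per-host counts this returns are the kind of value a colour-coded map would be driven by; the distinct-destination count helps separate a mass mailer from a client retrying against a single server.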